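def index(request, error=None):
    """Render the Suricata status page, or the creation form if none exists.

    Args:
        request: the incoming request, passed through to ``scirius_render``.
        error: optional error value to expose to the template as ``error``.

    Returns:
        Whatever ``scirius_render`` returns for ``suricata/index.html`` when
        ``get_suri()`` yields an object, or for ``suricata/edit.html`` when
        it does not.
    """
    # try to get suricata from db
    suri = get_suri()
    if not suri:
        # Nothing configured yet: offer the creation form.
        form = SuricataForm()
        context = {'creation': True, 'form': form}
        missing = dependencies_check(Suricata)
        if missing:
            context['missing'] = missing
        return scirius_render(request, 'suricata/edit.html', context)

    # The hostname override used to run before the emptiness check, so a
    # falsy get_suri() result (e.g. None) was dereferenced and the view
    # failed instead of showing the creation form.
    if settings.SURICATA_NAME_IS_HOSTNAME:
        suri.name = socket.gethostname()

    context = {'suricata': suri}
    if error:
        context['error'] = error

    if suri.ruleset:
        # Rules carrying a "suppressed" transformation for this ruleset.
        supp_rules = list(
            Rule.objects.filter(
                ruletransformation__ruleset=suri.ruleset,
                ruletransformation__key=Transformation.SUPPRESSED.value,
                ruletransformation__value=Transformation.S_SUPPRESSED.value
            ))
        if supp_rules:
            # Comma-separated sid list for the template.
            # NOTE(review): ``unicode`` only exists on Python 2 - confirm the
            # interpreter this revision targets.
            context['suppressed'] = ",".join([unicode(x.sid) for x in supp_rules])

    if settings.USE_ELASTICSEARCH:
        context['rules'] = True

    return scirius_render(request, 'suricata/index.html', context)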
def index(request, error=None):
    """Show the Suricata overview page, or the creation form when none exists.

    Args:
        request: the incoming request, forwarded to the render helpers.
        error: optional error value exposed to the template as ``error``.

    Returns:
        The result of ``scirius_render`` for ``suricata/index.html`` when a
        Suricata object is found, otherwise for ``suricata/edit.html``.
    """
    # Look the Suricata object up in the database.
    suricata = get_suri()

    if not suricata:
        # No object yet: present an empty form flagged as a creation.
        page = {'creation': True, 'form': SuricataForm()}
        unmet = dependencies_check(Suricata)
        if unmet:
            page['missing'] = unmet
        return scirius_render(request, 'suricata/edit.html', page)

    page = {'suricata': suricata}
    if error:
        page['error'] = error

    if suricata.ruleset:
        suppressed_rules = list(suricata.ruleset.suppressed_rules.all())
        if suppressed_rules:
            # Comma-separated list of suppressed sids for the template.
            page['suppressed'] = ",".join(
                str(rule.sid) for rule in suppressed_rules
            )

    if settings.USE_ELASTICSEARCH:
        page['rules'] = True

    complete_context(request, page)
    return scirius_render(request, 'suricata/index.html', page)
def edit(request):
    """Create the Suricata object, or edit the existing one, from a form.

    On GET the form is rendered (bound to the existing object if there is
    one) together with the result of ``dependencies_check``. On POST the
    submitted form is validated; a valid form either updates the existing
    object or creates a new one, records a ``UserAction`` and redirects to
    ``index``. An invalid form, or an ``IntegrityError`` during creation,
    re-renders the edit page with an ``error`` entry.

    NOTE(review): no permission check is visible in this function - confirm
    that access control is applied by a decorator, middleware or the URL
    configuration.
    """
    template = 'suricata/edit.html'
    existing = get_suri()

    if request.method != 'POST':
        form = SuricataForm(instance=existing) if existing else SuricataForm()
        missing = dependencies_check(Suricata)
        return scirius_render(request, template, {'form': form, 'missing': missing})

    if existing:
        # The timestamp is refreshed on the instance before it is bound.
        existing.updated_date = timezone.now()
        form = SuricataForm(request.POST, instance=existing)
    else:
        form = SuricataForm(request.POST)

    if not form.is_valid():
        return scirius_render(
            request, template, {'form': form, 'error': 'Invalid form'}
        )

    if existing:
        # Update path: persist the form, then log the action.
        form.save()
        UserAction.create(
            action_type='edit_suricata',
            comment=form.cleaned_data['comment'],
            user=request.user,
            suricata=existing
        )
        return redirect(index)

    # Creation path: build the object from the validated fields.
    fields = form.cleaned_data
    attributes = {
        'name': fields['name'],
        'descr': fields['descr'],
        'output_directory': fields['output_directory'],
        'created_date': timezone.now(),
        'updated_date': timezone.now(),
        'ruleset': fields['ruleset'],
        'yaml_file': fields['yaml_file'],
    }
    try:
        created = Suricata.objects.create(**attributes)
    except IntegrityError as exc:
        # NOTE(review): the exception object is handed to the template
        # as-is - confirm the rendered page does not expose database
        # details to the user.
        return scirius_render(request, template, {'form': form, 'error': exc})

    UserAction.create(
        action_type='create_suricata',
        comment=fields['comment'],
        user=request.user,
        suricata=created
    )
    return redirect(index)
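def index(request):
    """Render the Suricata status page with alert statistics, or the creation form.

    When Elasticsearch is enabled, the statistics window is taken from the
    ``duration`` query parameter (hours) and remembered in the session;
    without the parameter the session value is used, defaulting to 24.

    Args:
        request: the incoming request; ``request.GET`` and
            ``request.session`` are read, and the session is written when
            ``duration`` is supplied.

    Returns:
        The result of ``scirius_render`` for ``suricata/index.html`` when a
        Suricata object exists, otherwise for ``suricata/edit.html``.
    """
    default_hours = 24
    max_hours = 24 * 7

    # try to get suricata from db
    suri = get_suri()
    if not suri:
        form = SuricataForm()
        context = {'creation': True, 'form': form}
        missing = dependencies_check(Suricata)
        if missing:
            context['missing'] = missing
        return scirius_render(request, 'suricata/edit.html', context)

    context = {'suricata': suri}
    # NOTE(review): assumes suri.ruleset is always set - confirm; an unset
    # ruleset would raise on the attribute access below.
    supp_rules = list(suri.ruleset.suppressed_rules.all())
    if supp_rules:
        context['suppressed'] = ",".join([str(x.sid) for x in supp_rules])

    if settings.USE_ELASTICSEARCH:
        from_query = 'duration' in request.GET
        if from_query:
            raw_duration = request.GET.get('duration', '24')
        else:
            raw_duration = request.session.get('duration', '24')

        # 'duration' comes straight from the query string: a non-numeric
        # value used to raise ValueError (an unhandled server error) and a
        # zero or negative value was accepted, moving the window start to
        # now or into the future. Fall back to the default and clamp both
        # ends instead.
        try:
            duration = int(raw_duration)
        except (TypeError, ValueError):
            duration = default_hours
        duration = max(1, min(duration, max_hours))

        if from_query:
            request.session['duration'] = duration

        # Start of the window, in milliseconds since the epoch.
        from_date = int((time() - (duration * 3600)) * 1000)

        if duration <= 24:
            date = str(duration) + "h"
        else:
            # Floor division keeps a whole number of days on Python 3 as well.
            date = str(duration // 24) + "d"
        context['date'] = date

        rules = es_get_rules_stats(request, suri.name, from_date=from_date)
        if rules:
            context['rules'] = rules
        else:
            context['error'] = 'Unable to join Elasticsearch server or no alerts'

    return scirius_render(request, 'suricata/index.html', context)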
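def _bounded_hours(raw, fallback=24, lowest=1, highest=24 * 7):
    """Return *raw* as an int clamped to [lowest, highest]; *fallback* if unparseable."""
    try:
        hours = int(raw)
    except (TypeError, ValueError):
        return fallback
    return max(lowest, min(hours, highest))


def index(request):
    """Render the Suricata status page with alert statistics, or the creation form.

    With Elasticsearch enabled, the statistics window (in hours) is read
    from the ``duration`` query parameter and stored in the session; when
    the parameter is absent the session value is used, defaulting to 24.

    Args:
        request: the incoming request; ``request.GET`` and
            ``request.session`` are read, and the session is written when
            ``duration`` is supplied.

    Returns:
        The result of ``scirius_render`` for ``suricata/index.html`` when a
        Suricata object exists, otherwise for ``suricata/edit.html``.
    """
    # try to get suricata from db
    suri = get_suri()
    if not suri:
        form = SuricataForm()
        context = {'creation': True, 'form': form}
        missing = dependencies_check(Suricata)
        if missing:
            context['missing'] = missing
        return scirius_render(request, 'suricata/edit.html', context)

    context = {'suricata': suri}
    # NOTE(review): assumes suri.ruleset is always set - confirm; an unset
    # ruleset would raise on the attribute access below.
    supp_rules = list(suri.ruleset.suppressed_rules.all())
    if supp_rules:
        context['suppressed'] = ",".join([str(x.sid) for x in supp_rules])

    if not settings.USE_ELASTICSEARCH:
        return scirius_render(request, 'suricata/index.html', context)

    # The query-string value is untrusted: int() on it used to raise on
    # non-numeric input, and zero or negative hours passed the upper-bound
    # check and pushed the window start to now or into the future.
    if 'duration' in request.GET:
        duration = _bounded_hours(request.GET.get('duration', '24'))
        request.session['duration'] = duration
    else:
        # Re-validated on read as well, so an out-of-range value stored by
        # an earlier request cannot be reused.
        duration = _bounded_hours(request.session.get('duration', '24'))

    # Start of the window, in milliseconds since the epoch.
    from_date = int((time() - (duration * 3600)) * 1000)

    if duration <= 24:
        context['date'] = str(duration) + "h"
    else:
        # Floor division keeps a whole number of days on Python 3 as well.
        context['date'] = str(duration // 24) + "d"

    rules = es_get_rules_stats(request, suri.name, from_date=from_date)
    if rules:
        context['rules'] = rules
    else:
        context['error'] = 'Unable to join Elasticsearch server or no alerts'
    return scirius_render(request, 'suricata/index.html', context)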
return scirius_render(request, 'rules/add_ruleset.html', { 'error': 'Unsufficient permissions' }) context = {} if request.method == 'POST': # If the form has been submitted... form = RulesetForm(request.POST) # A form bound to the POST data if form.is_valid(): # All validation rules pass # Process the data in form.cleaned_data # ... try: ruleset = form.create_ruleset() except IntegrityError, error: return scirius_render(request, 'rules/add_ruleset.html', { 'form': form, 'error': error }) return redirect(ruleset) else: form = RulesetForm() # An unbound form missing = dependencies_check(Ruleset) if missing: context['missing'] = missing context['form'] = form return scirius_render(request, 'rules/add_ruleset.html', context) def update_ruleset(request, ruleset_id): rset = get_object_or_404(Ruleset, pk=ruleset_id) if not request.user.is_staff: return redirect(rset) try: rset.update() except IOError, errors:
created_date = timezone.now(), updated_date = timezone.now(), ruleset = form.cleaned_data['ruleset'], yaml_file = form.cleaned_data['yaml_file'], ) except IntegrityError, error: return scirius_render(request, 'suricata/edit.html', { 'form': form, 'error': error }) return redirect(index) else: return scirius_render(request, 'suricata/edit.html', { 'form': form, 'error': 'Invalid form' }) else: if suri: form = SuricataForm(instance = suri) else: form = SuricataForm() missing = dependencies_check(Suricata) return scirius_render(request, 'suricata/edit.html', { 'form': form, 'missing': missing }) def update(request): suri = get_suri() if not request.user.is_staff: return redirect('/') if suri == None: form = SuricataForm() context = { 'creation': True , 'form': form} return scirius_render(request, 'suricata/edit.html', context) if request.method == 'POST':